Create an additional authentication check for `/manage` endpoints

For API endpoints which are used to Admin actions like listing all PATs we will include an additional compulsory authentication step.

Along with PersonalAccessToken based authentication, user will need to send DPoP JWT Token along with each request. This check needs to be included in api_guard.rb.

&16343

Final Execution Plan -

1. Introduce a Group level Setting named - enforce_dpop_to_manage_api_endpoints
2. If setting is enabled /manage endpoint cannot be accessed via Personal Access Tokens and DPoP authentication is enforced irrespective of user level setting dpop_enabled
3. If setting is disabled /manage Dpop authentication is only enforced when user level setting dpop_enabled is enabled as well.